Routing OpenVPN user traffic over IPSec to Dest network


  • I have users VPN'ing in using openvpn to a pfsense box at a remote site. That remote site is connected to a production network over ipsec.

    I can't get traffic from the OpenVPN interface over to the ipsec interface. I see icmp packets hitting the openvpn interface heading towards the subnet that's on the other side of the ipsec tunnel, but the packets never show up in the ipsec tunnel capture.

    I'm pushing a route as "route 10.16.8.0 255.255.252.0" which is the destination network on the other side of the ipsec (the prod network side). I have a static route enabled in pfsense for that traffic to go over the wan gateway.

    What am I missing?

  • Rebel Alliance Developer Netgate

    As long as the OpenVPN client has routes, and the IPsec tunnel has a Phase 2 entry that covers the OpenVPN tunnel/client network then it should work OK. Also may need adjustments to IPsec firewall rules on the far side, and to make sure there are no conflicting networks, etc.


  • You also need to add a firewall rule to the IPSEC interface (On both ends) that allows traffic to/from the OpenVPN network.

    Also sharing IP addresses with us means nothing without a network map.